If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

If foo2 is the parent directorty, how about deleting foo3 & hit the Enter key?
That has worked for me in the past.
I wouldn't think that appending information to the URL would lead to the parent directory.
That is my $.02 worth.

Yes, this possible. If you are parse a query string to a url that runs a CGI script, it is possible to run commands such as a directory listing (or much worse) on the remote machine. That's why when you write CGI programs, you can't trust user input. You have to validate everything. And it doesn't matter what operating system you're running. You are still vulnerable to this type of exploit.

agreed, it can yield results - but in this case know that can't work because i made the dir structure so I am wondering if in this case, where each dir has a seperate set of web pages each with their own index page etc, can someone list all the files and dirs contained in foo3?
Thanks for your replys.